package com.zbcn.combootsecurity.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

//@Configuration
//@EnableWebSecurity
//@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SmsWebSecurityConfig extends WebSecurityConfigurerAdapter {

	@Autowired
	private SmsCodeAuthenticationSecurityConfig smsCodeAuthenticationSecurityConfig;

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http.apply(smsCodeAuthenticationSecurityConfig).and().authorizeRequests()
				// 如果有允许匿名的url，填在下面
				.antMatchers("/sms/**").permitAll()
				.anyRequest().authenticated()
				.and()
				// 设置登陆页
				.formLogin().loginPage("/login")
				// 设置登陆成功页
				.defaultSuccessUrl("/").permitAll()
				.and()
				.logout().permitAll();

		// 关闭CSRF跨域
		http.csrf().disable();
	}

	@Override
	public void configure(WebSecurity web) throws Exception {
		// 设置拦截忽略文件夹，可以对静态资源放行
		web.ignoring().antMatchers("/css/**", "/js/**");
	}

}
